20 Essential Linux Commands Every Sysadmin Must Master

For every system or network administrator, monitoring and debugging Linux performance daily is challenging. With five years of Linux admin experience, I compiled the twenty most useful command‑line monitoring tools that work across all Linux versions, helping you choose the right tool for any scenario.

1. top — Linux process monitoring

The top command is a performance monitor available on many Linux/Unix versions, frequently used by administrators to display running processes, CPU and memory usage, swap, cache, buffers, and more, highlighting processes with high resource consumption.

#top

2. vmstat — Virtual memory statistics

The vmstat command shows virtual memory, kernel threads, disk, system processes, I/O, interrupts, and CPU activity. It requires the sysstat package to be installed.

3. lsof — List open files

lsof lists open files and the processes using them, including disk files, network sockets, pipes, and devices, helping identify which files prevent unmounting.

4. tcpdump — Network packet analyzer

tcpdump is a widely used command‑line packet sniffer that captures and filters TCP/IP traffic, with options to save packets for later analysis.

# tcpdump -i eth0

5. netstat — Network statistics

netstat displays incoming and outgoing network packet statistics, useful for monitoring network performance and troubleshooting.

6. htop — Interactive process monitor

htop is an advanced interactive real‑time monitor similar to top but with a richer interface, shortcuts, and horizontal/vertical process views. It must be installed via the package manager.

#htop

7. iotop — Disk I/O monitor

iotop reports real‑time disk I/O usage per process, helping locate processes with high read/write activity.

#iotop

8. iostat — I/O statistics

iostat collects and displays I/O statistics for storage devices, useful for diagnosing disk performance issues.

9. IPTraf — Real‑time IP LAN monitor

IPTraf is an open‑source tool that monitors IP traffic, providing details on TCP flags, ICMP, UDP, IP errors, and interface statistics.

10. psacct / acct — User activity monitoring

psacct (or acct) tracks each user's activity and resource consumption via two daemon processes, allowing administrators to see what commands were run and how much resources were used.

11. Monit — Service monitoring

Monit is a free open‑source web‑based tool that automatically monitors and manages processes, files, directories, permissions, and services such as Apache, MySQL, FTP, and Nginx.

12. NetHogs — Per‑process network bandwidth

NetHogs is a lightweight program that shows real‑time network bandwidth usage per process, similar to top for network traffic.

13. iftop — Network bandwidth monitor

iftop displays a continuously updated list of bandwidth usage per host pair on a selected interface, complementing top which monitors CPU usage.

14. Monitorix — System and network monitoring

Monitorix is a lightweight monitoring tool that collects system and network metrics and presents them via an embedded HTTP server, covering load, memory, disks, services, ports, mail, MySQL, and more.

15. Arpwatch — Ethernet activity monitor

Arpwatch watches Ethernet traffic for ARP address changes, logging IP/MAC pairs and sending email alerts when changes occur, which is useful for detecting ARP attacks.

16. Suricata — Network security monitoring

Suricata is a high‑performance open‑source intrusion detection and prevention system that runs on Linux, FreeBSD, Windows, and other platforms.

17. VnStat PHP — Bandwidth monitoring

VnStat PHP is a web front‑end for the popular vnStat tool, providing graphical reports of network traffic per hour, day, and month.

18. Nagios — Network/Server monitoring

Nagios is a leading open‑source monitoring system that alerts administrators to server and network issues before they affect business processes, supporting remote Linux, Windows, switches, routers, and printers.

19. Nmon — Linux performance monitor

Nmon (Nigel's performance monitor) gathers CPU, memory, disk, network, NFS, and kernel statistics, offering both live monitoring and CSV output for later analysis.

20. Collectl — Integrated performance collector

Collectl is a powerful command‑line tool that collects information on CPU, memory, network, nodes, processes, NFS, TCP sockets, and more.